Aug 10, 2010
�How good is good enough? For companies regulated by the Payment Card Industry Data Security Standard (PCIDSS), the question remains, even after a successfully completed audit. The very next day a new system may be installed, a new threat discovered, a new user added, a new patch released. If an audit is passed and a breach occurs, the impact would still potentially be devastating.
Business and security leaders must constantly strive to find a balance, weighing budget allocations, staffing, new investments, and ongoing costs vs. security objectives. Given that, it is incumbent upon security teams to refine their approaches in order to maximize efficiency while they maximize security. That�s why many organizations have looked to tokenization.
Tokenization is gaining increased adoption in a range of organizations and industries. By effectively taking PCI data out of scope, tokenization presents a host of benefits, helping organizations both boost security and reduce PCI compliance efforts and costs.
This paper offers a detailed look at tokenization and how it can support organizations� PCI compliance efforts. The paper compares tokenization to encryption and other approaches, including some of the factors to consider in choosing which approach is best for a given deployment scenario. In addition, the paper describes an approach from SafeNet, transparent tokenization, and it reveals some of the specific advantages and benefits this solution offers to organizations looking to safeguard sensitive data in the most effective and efficient manner possible.